Vulnerabilities > CVE-2002-2235 - Numeric Errors vulnerability in Jelsoft Vbulletin

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
jelsoft
CWE-189
exploit available

Summary

member2.php in vBulletin 2.2.9 and earlier does not properly restrict the $perpage variable to be an integer, which causes an error message to be reflected back to the user without quoting, which facilitates cross-site scripting (XSS) and possibly other attacks.

Common Weakness Enumeration (CWE)

Exploit-Db

descriptionVBulletin 2.0.x/2.2.x members2.php Cross Site Scripting Vulnerability. CVE-2002-2235. Webapps exploit for php platform
idEDB-ID:22042
last seen2016-02-02
modified2002-11-25
published2002-11-25
reporterSp.IC
sourcehttps://www.exploit-db.com/download/22042/
titleVBulletin 2.0.x/2.2.x members2.php Cross-Site Scripting Vulnerability